#include <tunables/global>

{{ edxapp_sandbox_venv_dir }}/bin/python {
    #include <abstractions/base>

    {{ edxapp_sandbox_venv_dir }}/** mr,
    {{ edxapp_code_dir }}/common/lib/sandbox-packages/** r,
    /tmp/codejail-*/ rix,
    /tmp/codejail-*/** wrix,

    #
    # Whitelist particular shared objects from the system
    # python installation
    #
    /usr/lib/python2.7/lib-dynload/_json.so mr,
    /usr/lib/python2.7/lib-dynload/_ctypes.so mr,
    /usr/lib/python2.7/lib-dynload/_heapq.so mr,
    /usr/lib/python2.7/lib-dynload/_io.so mr,
    /usr/lib/python2.7/lib-dynload/_csv.so mr,
    /usr/lib/python2.7/lib-dynload/datetime.so mr,
    /usr/lib/python2.7/lib-dynload/_elementtree.so mr,
    /usr/lib/python2.7/lib-dynload/pyexpat.so mr,

    # Matplot lib  needs a place for temp caches
    {{ edxapp_sandbox_venv_dir }}/.config/ wrix,
    {{ edxapp_sandbox_venv_dir }}/.cache/ wrix,
    {{ edxapp_sandbox_venv_dir }}/.config/** wrix,
    {{ edxapp_sandbox_venv_dir }}/.cache/** wrix,

    # Matplotlib related libraries
    /usr/lib/python2.7/lib-dynload/termios.so mr,
    /usr/lib/python2.7/lib-dynload/parser.so mr,

    # Matplot lib needs fonts to make graphs
    /usr/share/fonts/ r,
    /usr/share/fonts/** r,
    /usr/local/share/fonts/ r,
    /usr/local/share/fonts/** r,

    #
    # Allow access to selections from /proc
    #
    /proc/*/mounts r,
    
}
